Latest Information Security news from ireland and around the world

Game of Thrones data leaked in HBO hack

HBO got its welcome to the unwelcome corner of Netflix’s and Sony’s world last week – the “you’ve been hacked” corner.

For an unknown number of entertainment journalists, it probably couldn’t have been more welcome. Talk about a story – actually two stories – falling into your lap.

Falling into your inbox, actually. How about a subject header, “1.5 TB of HBO data just leaked!!!” for a tease?

Story One was that within what the hackers, whose command of English is apparently somewhat limited, called the “greatest leak of cyber space era” is the script for next week’s episode of Game of Thrones. You know, what Time magazine’s cover of 10 July 2017 called the “World’s Most Popular Show,” and said it is watched by an average of more than 23 million people in the US alone.

Reportedly, also on the site hosting the script are pending episodes fro (starring Dwayne “The Rock” Johnson), Insecure, a new show called Room 104, and Barry, with more to come, according to the unidentified hackers.

Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.

Story Two is that the fact, if not the scope, of the hack was legitimate, confirmed by the network in a statement to Entertainment Weekly and by an email from HBO chairman and CEO Richard Plepler to employees, reported by numerous outlets:

Dear Colleagues,

As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming. Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us.

I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests … The problem before us is unfortunately all too familiar in the world we now find ourselves a part of.

As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully.

Richard

HBO declined to specify how much “proprietary information” had been taken, saying their investigation is ongoing.

The hackers’ claims have not yet been verified but if they’re true, they have stolen a vast trove of entertainment content – a single terabyte can hold an estimated 500 hours of video – including more episodes of Game of Thrones and unreleased feature films, plus internal communications and employee information.

The group behind it remains anonymous, although some reports have called them “HBO is falling,” after the last line of the announcement email. Some of the communications regarding the hack have been attributed to “Mr. Smith” – not likely to be a real name.

And while it does not appear to be connected to any kind of political retribution, it obviously recalls the 2014 hack of Sony Pictures, attributed to North Korea in apparent retaliation for the movie “The Interview,” that the hermit kingdom felt held its leader, Kim Jong Un, up to ridicule.

That hack, which leaked and distributed unreleased movies and internal emails, and exposed personal information, including taxpayer IDs of more than 47,000 current and former Sony employees and actors, was detailed by Naked Security’s Lisa Vaas and discussed in a Chet Chat podcast with Chester Wisniewski and Paul Ducklin.

How much damage this might do to HBO is all speculative so far. Sony estimated its financial hit at $171 million in 2011, which to a $41 billion company is worth noticing but not even close to crippling, at less than a half a percent of its value.

And it is unlikely that copies of the Game of Thrones script, or even videos on the cyber underground will dent the popularity of the series or of HBO. If the hackers do have internal communications or personal information on employees, depending on how salacious they are, that could be more damaging.

But, since many hackers tend to exaggerate what they’ve got, that means everybody will have to wait and see … or not see.